package com.tanjun.gateway.gatewayservice.config;

import cn.dev33.satoken.exception.NotLoginException;
import cn.dev33.satoken.exception.NotPermissionException;
import cn.dev33.satoken.exception.NotRoleException;
import cn.dev33.satoken.reactor.filter.SaReactorFilter;
import cn.dev33.satoken.router.SaRouter;
import com.alibaba.fastjson2.JSON;
import com.tanjun.common.constants.UrlConstant;
import com.tanjun.common.enums.err.LoginErrCode;
import com.tanjun.common.exception.BizException;
import com.tanjun.common.model.R;
import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.List;

@Configuration
@Slf4j
public class SaTokenConfigure {
    ///user-service/admin/dept/system/tree
    private static final List<String> listAdminHasLoginPattern = List.of(
            "/*"+UrlConstant.URL_USER.ADMIN+"/*"+UrlConstant.URL_AUTH.AUTH+"/**",
            "/*"+UrlConstant.URL_USER.ADMIN+"/*"+UrlConstant.URL_AUTH.VENDOR+"/**",
            "/*"+UrlConstant.URL_USER.ADMIN+"/*"+UrlConstant.URL_AUTH.SYSTEM+"/**"

    );
    private static final List<String> listMemHasLoginPattern = List.of(
            "/*"+UrlConstant.URL_USER.MEM+"/*"+UrlConstant.URL_AUTH.AUTH+"/**"
    );

    private static final List<String> listOnlyVendor=List.of("/*"+UrlConstant.URL_USER.ADMIN+"/*"+UrlConstant.URL_AUTH.VENDOR+"/**");

    private static final List<String> listOnlySystem=List.of( "/*"+UrlConstant.URL_USER.ADMIN+"/*"+UrlConstant.URL_AUTH.SYSTEM+"/**");
    /**
     * 注册 [Sa-Token全局过滤器]
     */
    @Bean
    public SaReactorFilter getSaReactorFilter() {
        return new SaReactorFilter()
                // 指定 [拦截路由]
                .addInclude("/**")    /* 拦截所有path */
                // 指定 [放行路由]
                .addExclude("/favicon.ico",
                       "/*/*/*/"+UrlConstant.URL_AUTH.OPEN+"/**")
                // 指定[认证函数]: 每次请求执行
                .setAuth(obj -> {
                    log.info("sa-token全局认证,{}", JSON.toJSONString(obj));
                    SaRouter.match(listAdminHasLoginPattern).check(StpUtilKit.adminStpLogic::checkLogin);
                    SaRouter.match(listMemHasLoginPattern).check(StpUtilKit.memStpLogic::checkLogin);
                    SaRouter.match(listAdminHasLoginPattern).check(()->{
                        //判断用户角色是否管理员

                    });
                    SaRouter.stop();
                })
                // 指定[异常处理函数]：每次[认证函数]发生异常时执行此函数
                .setError(e -> {
                    if(e instanceof NotLoginException){
                        throw new BizException(LoginErrCode.NOT_LOGIN);
                    }
                    if(e instanceof NotPermissionException){
                        throw new BizException(LoginErrCode.NOT_PERMISSION);
                    }
                    if(e instanceof NotRoleException){
                        throw new BizException(LoginErrCode.NOT_ROLE);
                    }
                    log.error("sa全局异常:{}",e.getMessage(),e);
                    return JSON.toJSONString(R.err(e.getMessage()));
                });
    }
}
